Question about Data Protection and automatic data encryption

If I did not explicitly enable Data Protection entitlement in my iOS app, are all stored data / files still encrypted automatically since iOS 7? The iOS Security guide (https://www.apple.com/business/docs/iOS_Security_Guide.pdf) seems to imply that with the following statement:


In addition to the hardware encryption features built into iOS devices, Apple uses a technology called Data Protection to further protect data stored in flash memory on the device. Data Protection allows the device to respond to common events such as incoming phone calls, but also enables a high level of encryption for user data. Key system apps, such as Messages, Mail, Calendar, Contacts, Photos, and Health data values use Data Protection by default, and third-party apps installed on iOS 7 or later receive this protection automatically.


Accepted Reply

Yes. Starting with iOS 7 the default data protection for apps is

NSFileProtectionCompleteUntilFirstUserAuthentication
.

I went into this in detail in a thread on the old DevForums. However, re-reading that now I see that my attempt to fix the messed up table is still messed up. [I’m feeling pretty dumb at this point )-: ] I can’t fix it because the old DevForums is now read-only, so I’ve included a correct version here.

          iOS 4...6                iOS 7..
          ---------                -----------------
Explicit1 NSFileProtectionComplete NSFileProtectionComplete
Explicit2 NSFileProtectionNone     NSFileProtectionCompleteUntilFirstUserAuthentication

That is, if you set a value in your App ID / provisioning profile (Explicit1), you get that value. If you don't (Explicit2), you get

NSFileProtectionNone
on iOS 6 and earlier and
NSFileProtectionCompleteUntilFirstUserAuthentication
on iOS 7 and later.

Let me know if I’ve messed up the table again (-;

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

Yes. Starting with iOS 7 the default data protection for apps is

NSFileProtectionCompleteUntilFirstUserAuthentication
.

I went into this in detail in a thread on the old DevForums. However, re-reading that now I see that my attempt to fix the messed up table is still messed up. [I’m feeling pretty dumb at this point )-: ] I can’t fix it because the old DevForums is now read-only, so I’ve included a correct version here.

          iOS 4...6                iOS 7..
          ---------                -----------------
Explicit1 NSFileProtectionComplete NSFileProtectionComplete
Explicit2 NSFileProtectionNone     NSFileProtectionCompleteUntilFirstUserAuthentication

That is, if you set a value in your App ID / provisioning profile (Explicit1), you get that value. If you don't (Explicit2), you get

NSFileProtectionNone
on iOS 6 and earlier and
NSFileProtectionCompleteUntilFirstUserAuthentication
on iOS 7 and later.

Let me know if I’ve messed up the table again (-;

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"